feat(payment_link): add provision for secured payment links (#5357)

Co-authored-by: hyperswitch-bot[bot] <148525504+hyperswitch-bot[bot]@users.noreply.github.com> Co-authored-by: Sanchith Hegde <22217505+SanchithHegde@users.noreply.github.com>
2025-10-28 04:04:55 +08:00 · 2024-07-30 13:12:35 +05:30
parent a791391e2a
commit 043abb59b9
31 changed files with 841 additions and 318 deletions
--- a/crates/common_utils/src/consts.rs
+++ b/crates/common_utils/src/consts.rs
@ -1,5 +1,7 @@
 //! Commonly used constants

+use std::collections::HashSet;
+
 /// Number of characters in a generated ID
 pub const ID_LENGTH: usize = 20;

@ -81,6 +83,9 @@ pub const DEFAULT_DISPLAY_SDK_ONLY: bool = false;
 /// Default bool to enable saved payment method
 pub const DEFAULT_ENABLE_SAVED_PAYMENT_METHOD: bool = false;

+/// Default allowed domains for payment links
+pub const DEFAULT_ALLOWED_DOMAINS: Option<HashSet<String>> = None;
+
 /// Default ttl for Extended card info  in redis (in seconds)
 pub const DEFAULT_TTL_FOR_EXTENDED_CARD_INFO: u16 = 15 * 60;

--- a/crates/common_utils/src/validation.rs
+++ b/crates/common_utils/src/validation.rs
@ -1,6 +1,9 @@
 //! Custom validations for some shared types.

+use std::collections::HashSet;
+
 use error_stack::report;
+use globset::Glob;
 use once_cell::sync::Lazy;
 use regex::Regex;
 #[cfg(feature = "logs")]
@ -57,6 +60,27 @@ pub fn validate_email(email: &str) -> CustomResult<(), ValidationError> {
    Ok(())
 }

+/// Checks whether a given domain matches against a list of valid domain glob patterns
+pub fn validate_domain_against_allowed_domains(
+    domain: &str,
+    allowed_domains: HashSet<String>,
+) -> bool {
+    allowed_domains.iter().any(|allowed_domain| {
+        Glob::new(allowed_domain)
+            .map(|glob| glob.compile_matcher().is_match(domain))
+            .map_err(|err| {
+                let err_msg = format!(
+                    "Invalid glob pattern for configured allowed_domain [{:?}]! - {:?}",
+                    allowed_domain, err
+                );
+                #[cfg(feature = "logs")]
+                logger::error!(err_msg);
+                err_msg
+            })
+            .unwrap_or(false)
+    })
+}
+
 #[cfg(test)]
 mod tests {
    use fake::{faker::internet::en::SafeEmail, Fake};